- How to Use the Website
Article 1 (Purpose of the personal information processing)
- ① Invest KOREA collects a minimum amount of personal information to provide services to our clients and resolve their complaints.
- ② The purpose of the processing of the personal information files that are registered and disclosed by Invest KOREA in accordance with Article 32 of the Personal Information Protection Act shall be as follows:
|Number||Name of personal information file||Grounds for operation||Processing purpose|
|1||KOTRA Express subscriber||Consent from the information provider||Foreign investment magazine subscription|
|2||Online investment consultation inquirer||Consent from the information provider||To answer online inquiries|
Article 2 (Processing and retention period of the personal information)
- ① During the retention period of the personal information in accordance with the Act or when collecting the personal information from the information player, Invest KOREA shall process and retain the personal information within the processing and retention period that has been consented by the information player.
- ② The processing and retention period of the personal information shall be as follows:
|Number||Name of the personal information file||Grounds for operation||Retention period|
|1||KOTRA Express subscriber||Consent from the information player||2 years from the day the subscription began or until the member unsubscribes from Invest Korea|
|2||Online investment consultation inquirer||Consent from the information provider||2 years|
Article 3 (Providing the personal information to the third party)
- 1. When Invest KOREA obtains a separate consent from the information player;
- 2. When there is a special regulation specified under the Act;
- 3. When Invest KOREA clearly recognizes the need to provide the personal information to the third party for the interests of the life, physical body or property of the information player or the third party as the information player or legal representative is in a situation where he cannot express his intention or Invest KOREA cannot obtain prior consent of the information player due to the unclear address;
- 4. When the personal information that is required for statistics and academic research is unrecognizable;
- 5. When the protection committee has reviewed and decided the case where the matters under the jurisdiction defined by a different Act cannot be executed as the personal information has been used for other purposes or has not been delivered to the third party;
- 6. When the information is needed to provide it to foreign governments or international organizations to carry out treaties and other international agreements;
- 7. When it is necessary for investigation of a crime or prosecution;
- 8. When it is necessary for a court to perform its judicial affairs; and
- 9. When it is necessary for executing a punishment, care and custody or protective disposition.
Article 4 (Entrustment of the personal information processing)
① Invest KOREA entrusts the following affairs related to the processing of the personal information to smoothly process the personal information:
Entrustment of the personal information processing : Number,Entrusted affairs,Company Name,Tel.,Hours Number Entrusted affairs Company Name Tel. Hours 1 Operation and maintenance of the KOTRA information system S.G.A Co., Ltd. 070-7308-1004 09:00~18:00 2 Operation of the customer information center Transcosmos Korea inc. 02-790-8106 09:00~18:00
Article 5 (Rights and duties of the information players and how to exercise them)
① An information player shall exercise the following rights in regards to the protection of the personal information at any time:
- 1. Request for inspection of the personal information
- 2. Request for correction where there is an error
- 3. Request for deletion
- 4. Request for suspension of the processing.
- ② The information player shall exercise his rights in accordance with Section 1 by submitting the document as provided by Annex 8. Enforcement Ordinance of the Personal Information Protection Act via mail, e-mail or fax and Invest KOREA shall respond to the request without delay.
- ③ If the information player of the personal information requests for correction or deletion of his personal information, Invest KOREA shall not use or provide the personal information of the player until such modification or deletion is completed.
- ④ The information player shall present his legal representative or agent to exercise his rights as provided by Section 1. In such case, the information player is required to submit the power of attorney in accordance with Annex 11. Enforcement Ordinance of the Personal Information Protection Act.
- ⑤ The request for suspending the process and inspection of the personal information could be limited in accordance with Article 35.5 and Article 37.2 of the Personal Information Protection Act.
- ⑥ For correction and deletion of personal information, if other Acts stipulate the particular personal information be collected, the information player shall not request for deletion thereof.
⑦ When a user rightfully requests to access, correct, delete his/her personal information, or suspend its processing, Invest KOREA will first make sure the individual making the request is the user or his/her legal representative.
* Provide any identification cards (certificate of resident registration, driver’s license, passport, etc.) to identify himself.
* If the requested person is the legal representative, any identification cards and power of attorney to identify that he is the legal representative of the information player.
* [Annex 8. Enforcement Ordinance of the Personal Information Protection Act] Request for inspecting, modifying, deleting and suspending the process of the personal information
* [Annex 11. Enforcement Ordinance of the Personal Information Protection Act] Power of Attorney
- ⑧ Procedures for inspecting, correcting, deleting and suspending the personal information are as follows:
Article 6 (Items for processing the personal information)
|Number||Name of the personal information file||Items for the personal information|
|1||KOTRA Express subscriber||Required||Name, e-mail, nationality, occupation|
|2||Online investment consultation inquirer||Required||Name, e-mail, phone number|
ㅇ Invest Korea website: IP address, browser cookies, log data and traffic
Article 7 (Procedures and methods of destructing the personal information)
Any unnecessary personal information and personal information file shall be destroyed in accordance with the below procedure of the inside policy under the responsibility of the person in charge of the personal information.
- Destruction of the personal information. The personal information shall be destroyed without delay from the end date of its holding period.
- Destruction of the personal information file If the personal information file becomes unnecessary due to the achievement of the processing of the personal information file, abolition of the relevant service and the end of the business, the personal information file shall be destroyed without delay from the day that recognizes the processing of the personal information is no longer needed.
- Electronic data shall be destroyed by using technical methods to make it impossible to restore such data.
- Paper documents that contain the personal information shall be shredded or incinerated.
Article 8 (Measures to secure the safety of the personal information)
- 1. Minimum number of staff in charge of the personal information processing and training Invest KOREA shall designate the minimum number of staff to handle the personal information.
- 2. Restricted access to the personal information
Invest KOREA shall carry out necessary measures to restrict access to the personal information through empowerment, change and cancellation of access authorities for the database system that processes the personal information. It shall also operate intrusion prevention systems to deny any unauthorized external access.
- 3. Preservation of the access records
Invest KOREA shall store access records (weblog data, summarized information, etc.) to the personal information data system for at least six months.
- 4. Encryption of the personal information
The personal information of the users are stored and managed in an encrypted manner. Invest KOREA also implements special security measures including encrypting important data when storing or transferring.
- 5. Installation and periodic updates of computer security programs
Invest KOREA shall install and periodically update the computer security programs to prevent the personal information from leakage and damage due to hacking or computer viruses.
- 6. Access control of the unauthorized personnel
Invest KOREA shall operate a separate physical storage facility for its personal information data systems and establish and operate relevant access control procedures.
Article 9 (Persons in charge of personal information protection)
|Head of Invest KOREA
Lyu Jae Won
Tel : 02-3460-7400
|Investment Planning Department
Tel : 02-3460-7824
|Investment PR Team
Email : email@example.com
Tel : 02-3460-7842
Fax : 02-3460-7920
Article 10 (Request for inspection of the personal information)
① An information player shall request for the inspection of the personal information in accordance with Article 35 of the Personal Information Protection Act via the following team. KOTRA shall strive to swiftly handle the request of the information player for the inspection of the personal information.
※ Department in charge
- Team : Investment Public Relations Team
- Officer : Shin Jiin
- Contact : Tel. 02-3460-7842 / E-mail firstname.lastname@example.org / Fax 02-3460-7920
- ② Apart from the Team mentioned in Section 1, the information player shall be able to request for the inspection of the personal information via the website (www.privacy.go.kr) of the Privacy Information Protection Portal run by the Ministry of Government Administration and Home Affairs.
Article 11 (Remedies for infringement on rights and interests)
Personal Information Infringement Report Center (Run by the Korea Internet & Security Agency)
- Description : Report infringement on the personal information, request for consultation
- Website : http://privacy.kisa.or.kr
- Tel : 118 (without area code)
- Address : (58324) 9 Jinheung-gil, Naju, Jeollanam-do, 3F Personal Information Infringement Notification Center
Personal Information Dispute Mediation Committee
- Duties : personal information dispute mediation, collective dispute mediation (civil resolution)
- Website : http://www.kopico.go.kr
- Tel : 1833-6972
- Address : (03171) Level 4, Government Complex Seoul, 209 Sejong-daero, Jongno-gu, Seoul
- SPO Cybercrime Investigation Department : 1301 (http://www.spo.go.kr, email@example.com)
- National Police Agency Cyber Bureau : 182 (http://cyberbureau.police.go.kr)
Article 12 (Installing, operating, and refusing installation of automatic data collection tools)
- 1. Internet Exlporer: click the 'Tools' menu at the top of your browser window → click 'Internet options' → select the 'Privacy' tab → set cookie handling level by adjusting the slider
- 2. Chrome: click the 'Settings' menu in the top-right corner of your browser window → click 'Show advanced settings' → click 'Content settings' in the 'Privacy' section → set cookie handling level
Article 13 (Amendment to the personal information processing policy)
② Please find below the previous personal information protection policies:
1. ControllerA controller is responsible for the collection and processing of your personal data in accordance with the General Data Protection Regulation (GDPR) as well as further applicable data protection laws. Please find your controller and its contact information here, depending on where you are.
2. Data protection officerWe have appointed a Data Protection Officer in accordance with Art. 37 of the GDPR. If there is anything you are unsure about regarding this Policy or our data protection of your personal data, feel free to contact our Data Protection Officer by emailing firstname.lastname@example.org at any time.
3. How we collect your personal data
4. What type of personal data we have
- Contact information – We may collect contact information including the name of your organisation, job title, and nationality to communicate with you in accordance with the contract, services or any business opportunities.
- Requests/Claim data – We may gather your contact information and details of your comments, requests or any other issues you’ve raised regarding our services.
- Financial data – We may collect your financial data such as bank account number for financial transactions.
- Registration data – Based on the record of your visits to events such as business meetings and exhibitions, we may collect your contact information that includes the name of your organisation, your job title and nationality for our reference to host upcoming events.
- The personal data that we process may include any other personal data that is provided to us during the course of our services.
- To provide you with an acceptable service, we may collect your information about dietary which is classed as special category data with your explicit consent.
5. How we process your personal data
- To contact you or communicate with you concerning our services or business administration
- To respond to your requests, inquiries or concerns regarding our services
- To provide international business matchmaking services which may include supporting the business trip and setting up meetings for foreign and Korean companies
- To facilitate the exhibitions, conventions or events and to provide you with information and services associated with the events
- To contact you with regard to business opportunities which we believe might interest you
- To send you our newsletter or information at irregular intervals to inform you about news on our services as well as on the services of our affiliated companies
- To send you surveys with the purpose of requesting your feedback about our events (We send surveys to all event participants instead of specific persons. Participation in surveys is voluntary, not mandatory.)
- To pay a bill or compensation to you
- To ensure our website stays securely by preventing, detecting, mitigating and investigating fraud and security breaches
- To ensure the performance of our website
- To ensure that the content of our website is presented in the most effective manner for you and your computer
6. Legal basis for the processing of personal dataWhere KOTRA is processing personal data for the performance of its functions, the primary legal bases under the GDPR are as follows:
- Where the processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract in accordance with Art. 6 (1) (b) of the GDPR. (i.e. when you register for our services, responding to your request about our services);
- Where the processing is necessary for the legitimate interests pursued by KOTRA or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data in accordance with Art. 6 (1) (f) of the GDPR. (i.e. sending thank you letters or surveys after the event, preventing or detecting security issues);
- Where we have obtained a data subject’s consent to the processing in accordance with Art. 6 (1) (a) of the GDPR. (i.e. sending the newsletters);
- Where the processing is necessary to comply with legal obligations in accordance with Art. 6 (1) (c) of the GDPR.
7. How we share your personal data with others
- KOTRA headquarters in Korea
- Other business partners and Korean companies
- Sponsors, co-organisers and attendees of our events
- External service providers who facilitate or support our events
- External operators of our websites and applications
- Travel agencies or hotels in connection with supporting your business trips
- Korean governments and external examiners if you are appointed as an Honorary Ambassador of Foreign Investment Promotion for Korea
- Law enforcement agencies, courts, government agencies or public authorities, intergovernmental or supranational bodies
- Third parties who are involved in judicial proceedings, in particular, if they submit a legal order, court order or equivalent legal order to us.
8. International transfers of personal data
10. SecurityWe have implemented technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised access or disclosure of personal data. We restrict access to your personal data to those who need to know that information to provide benefits or services to you. In addition, we train our employees to help them be well aware of risks associated with data security and confidentiality.
11. Data retentionWe strive to keep our processing activities with respect to your personal data as limited as possible. Your personal data will be retained only for as long as we need it to fulfil the purpose for which we have collected it and, if applicable, as long as required by statutory retention requirements. In case of consent, your personal data will be at the latest deleted without undue delay after the withdrawal of such consent.
12. Your rightsYou have the rights, at any time:
- without giving reasons according to Art. 15 of the GDPR to obtain information about your data stored with us. With the exception of any connection fees charged by your provider, you will not incur any costs as a result of the inquiry;
- to have the data rectified in accordance with Art. 16 of the GDPR;
- to have the data erased in accordance with Art. 17 of the GDPR;
- to obtain from the controller restriction of processing in accordance with Art. 18 of the GDPR;
- to object to the processing for sending newsletters according to Art. 21 (2) of the GDPR;
- to object to other forms of processing of your personal data in accordance with Art. 21 (1) of the GDPR;
- to withdraw any consent to the collection and use of data given to us at any time, without affecting the lawfulness of processing based on consent before its withdrawal in accordance with Art. 7 (3) of the GDPR;
- to receive your personal data in a machine-readable format and to transmit them to another person responsible in accordance with Art. 20 of the GDPR;
13. Links to other websites
|Address||Mariahilferstrasse 77-79/1/3, (Generali Center, 3rd Fl.) A-1060,
|Data Protection Manager||dpm_Austria@kotra.or.kr|
|Address||Rond-point Schuman 11, 1040 Brussels, Belgium|
|Data Protection Manager||dpm_Belgium@kotra.or.kr|
|Address||Floor 1, Interpred-WTC, 36 Dragan Tsankov Blvd., sofia 1057, Bulgaria|
|Data Protection Manageremail@example.com|
|Address||Radnička cesta 52/Ⅷ, 10000, Zagreb, Croatia|
|Data Protection Manager||dpm_Croatia@kotra.or.kr|
|Address||Panorama Business Center, Skretova 12, 120 00, Praha 2, Czech Republic|
|Data Protection Manager||dpm_Czech@kotra.or.kr|
|Address||Holbergsgade 14, 3rd Floor DK-1057, Copenhagen, Denmark|
|Data Protection Managerfirstname.lastname@example.org|
|Address||Salomonkatu 17 A, 3 Krs D, 00100 Helsinki, Finland|
|Data Protection Manageremail@example.com|
|Address||19 Avenue de l'Opéra, 75001 Paris, France|
|Data Protection Manager||dpm_France@kotra.or.kr|
|Address||MesseTurm 33.OG, Friedrich-Ebert-Anlage 49, 60308 Frankfurt am Main, Germany|
|Data Protection Managerfirstname.lastname@example.org|
|Address||Axel-Springer-Platz 3, Haus B, 20355 Hamburg, Germany|
|Data Protection Manageremail@example.com|
|Address||Tal 12, D-80331 Munich, Germany|
|Data Protection Managerfirstname.lastname@example.org|
|Address||6th Fl., 5 Chatzigianni Mexi Str., GR-11528, Athens, Greece|
|Data Protection Manager||dpm_Greece@kotra.or.kr|
|Address||H1123, 3F, KOTRA, Alkotas U. 50, Budapest, Hungary|
|Data Protection Manager||dpm_Hungary@kotra.or.kr|
|Address||Via Larga 2 - 20122, Milano, Italy|
|Data Protection Manageremail@example.com|
|Address||KOTRA, 21th Fl. Warsaw Financial Center, Emilii Plater 53, 00-113, Warsaw, Poland|
|Data Protection Managerfirstname.lastname@example.org|
|Address||Baneasa Business & Technology Park, Soseaua Bucuresti – Ploiesti nr. 42-44, Sector 1, Romania Cladirea A, Aripa A1, Et. 1|
|Data Protection Manageremail@example.com|
|Address||2nd Floor, Cintorinska 2333/9, 811 08 Bratislava, Slovak Republic|
|Data Protection Manager||dpm_Slovakia@kotra.or.kr|
|Address||Paseo de la Castellana 95, Torre Europa 95, Planta 9 B, 28046 Madrid, Spain|
|Data Protection Manager||dpm_Spain@kotra.or.kr|
|Address||KOTRA, Svardvagen 11C, SE-182 33 Danderyd, Sweden|
|Data Protection Managerfirstname.lastname@example.org|
|Address||WTC Amsterdam, C tower 12F Strawinskylaan 1253, 1077XX Amsterdam, The Netherlands|
|Data Protection Manageremail@example.com|
|Address||1st Floor, Brettenham House North, 12-13 Lancaster Place, London WC2E 7EN, United Kingdom|
|Data Protection Managerfirstname.lastname@example.org|
|Address||MesseTurm 33.OG, Friedrich-Ebert-Anlage 49, 60308 Frankfurt am Main, Germany|
|Data Protection Officeremail@example.com|
|Address||13, Heolleung-ro, Seocho-gu, Seoul, Korea|
|Data Protection Manager||dpm_HQ@kotra.or.kr|